RandomFish

I will have to disagree with you on all points. Can you site the time frame requirement in the law? Also from the Matomo site: Data Storage and Data Collection Limits There is no limit. You did not read this wrong. You can keep all your data forever. By default, all historical visitor data, and all reports are kept. You can choose to anonymize the data or purge the old log or report data after a few months. It’s your decision as it is your data. https://matomo.org/docs/data-limits/

The official Europa site is not GDPR compliant either. You get a Piwik cookie from them and there is no means to opt out. This whole thing is a mess.

That is not even the area I am talking about. I am talking about the facebook faces box that triggers a cookie. This module seems scammy, it allows users to be tracked and makes shop owners feel safe. While all it does is expose them to risks because you have not stated that you need to disable every integration because this module does not work with any integrations.

I am afraid that you do not understand the law and the changes in the law. One notable change in the law is you are required to let users opt out of tracking cookies and cannot use implied consent. When I visited your demo site I was cookied by the site, which is considered an essential cookie. That is ok if it is a session cookie. But I was also cookied by a facebook tracking cookie. That is NOT ok under GDPR. You have shared my data with a 3rd party without warning me beforehand and getting my consent beforehand. This subjects you to fines. Please read this: https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a site doesn’t count as consent. ‘By using this site, you accept cookies’ messages are also not sufficient for the same reasons. If there is no genuine and free choice, then there is no valid consent. You must make it possible to both accept or reject cookies. This means: It must be as easy to withdraw consent as it is to give it. If organisations want to tell people to block cookies if they don’t give their consent, they must make them accept cookies first. Sites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences. None of these obligations are met in regards to third party cookies.

I visited the test site, I was cookied by Facebook without my consent. How is this even close to GDPR compliant?

This is good to know that there is an alternative. I just wish I could get the time I invested in 1.7 back and also take my gray hairs it gave me away.

We have tried to redo our site in 1.7, 1.7.1, and 1.7.2. Its not working. It is the absolute worst piece of software from a developer and merchant stand point I have seen. It does look nice, but nothing works. Nothing at all. Taxes. Rounding. Random errors that appear to go away. It is a software abortion. Is thirty bees what people are transferring to? We are going to call our 1.7 tests a loss and find something else.